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Finite field multiplication is central in the implementation of some error-correcting 
coders. Massey and Omura [4] have presented a revolutionary design for multiplication in 
a finite field . In their design , a normal basis is utilized to represent the elements of the 
field. In this article , the concept of using a self-dual normal basis to design the Massey- 
Omura finite field multiplier is presented . The article first presents an algorithm to locate 
a self-dual normal basis for GF(2 m ) for odd m. Then a method to construct the product 
function for designing the Massey-Omura multiplier is developed . It is shown that the 
construction of the product function based on a self-dual basis is simpler than that based 
on an arbitrary normal basis. 


I. Introduction 

Finite field multiplication is central in the implementation 
of some error-correcting coders [1] [2] and authentication 
devices [3] . There is a need for good multiplication algorithms 
that can be easily realized. Massey and Omura [4] have devel- 
oped a new algorithm for multiplication in a Galois field based 
on a normal basis representation. Using this normal basis, the 
design of the finite field multiplier is simple and regular [5], 
The product components can be obtained by the same logical 
function operating on the cyclically shifted versions of the 
components of the multiplicand and multiplier. Hence, design- 
ing a Massey-Omura multiplier is essentially designing this 
product function. An architecture for implementing Massey- 
Omura multipliers in GF(2 m ) was presented in [5] . The nor- 
mal basis used in the design of [5] is the linearly independent 


roots of a generating polynomial of GF( 2 m ). However, it is 
very difficult to verify the linear independence of the roots 
of a polynomial. Wah and Wang [6] [7] have shown that if 
m + 1 is a prime and 2 is primitive mod (m + 1), the all -one 
polynomial of degree m is irreducible and its roots constitute 
a normal basis. Pei, Wang and Omura [8] have also presented 
necessary and sufficient conditions for an element to generate 
a normal basis for the field GF{ 2 m ) for some particular m’s. 
Recently a generalized algorithm to locate a normal basis in 
any field has been developed [9] . In [9] , the concept of dual 
basis is used to design the product function of the Massey- 
Omura multiplier. 

In this article, a self-dual normal basis is used to design the 
Massey-Omura multiplier. It is well known [1] that there 
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exists a self-dual normal basis in GF(2 m ) if m is odd. This arti- 
cle will show that the construction of the product function for 
a self-dual normal basis is simpler than that for an arbitrary 
normal basis. It also presents an algorithm to locate a self-dual 
normal basis in GF(2 m ) for odd m . Finally, a method to con- 
struct the product function is developed. 

II. Massey-Omura Finite Field Multiplier 

The fundamental concept of Massey-Omura finite field mul- 
tiplication [4] [5] [9] is based on the utilization of a normal 
basis of the form (a, a 2 , a 4 , •••, a 2 " 1 ” 1 }. Multiplication in 
the normal basis representation requires the same logic cir- 
cuitry for any one product component as it does for any other 
product component. Adjacent product-component circuits 
differ only in their inputs, which are cyclically shifted versions 
of one another. 

Let {a, a 2 , a 4 , • • • , a 2 m ~ 1 } be a normal basis for GF{ 2 m ). 
Any two elements y and z in GF(2 m ) can be expressed as 
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( 1 ) with p t j - 0 or 1 . Therefore, the central problem in designing a 
Massey-Omura multiplier is to construct the product function 
/ given in (4a). A product function can be constructed in such 
a way that the coefficient p^ of a t bj in (4a) is 



1 = 0 


Let 


( _i J 

a 2 * a 2 • y 2 ) (5) 

where Tr(x ) denotes the trace value of the element x in 
GF( 2 m ) and { 7 , 7 2 , 7 22 , •*•, 7 2 '”“ 1 } is the dual basis to the 
basis .{a, a 2 , a 22 , [9]. 


cc = y • z 

1 2 2 

= a; Q a + WjGr + a; 2 a + ”’ +c ^ m _ 1 Q! 
m- 1 . 

= E “X ( 3 > 

*=o 

Then, as stated in [4] [5] [9] , 

= fiy^y v y 2 > ”'>y m -v 

2 0 > Z l’ Z 2 ’* ,, ’ Z m-l) 


A simple and equivalent way to represent the product func- 
tion / is by means of a Boolean matrix 

“ - m r=o (6 > 

where the i-j entry p,y of S 2 is the coefficient of a, £> ; given in 

(5). 

III. Properties of Boolean Matrix Generated 
by a Self-Dual Normal Basis 

A self-dual basis is a basis whose dual basis is itself. It is 
known [1] that, if m is odd, GF{ 2 m ) has a self-dual normal 
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basis. Let {a, a 2 , a 22 , •••,a 2m “ 1 } be a self-dual normal basis, Property 5 

that is, Tr( a 2 * • a 2/ ) = 5 j; - where 5 /; . = 0 for i =£/ and 1 for 

t = /• From (5), the Boolean matrix associated with this self- P* = P ( * m _ 1+ , W)(w ^ 2) = P ( V/-i)(m--/--2) 

dual normal basis can be written as 


12 = 




CO 


where 


for i < j and 0 < ij < m- 1 

(7) 

Proof : 


Since 7>(a) = 7>(a 2 ), 


p* = Tr(a 2 




(7a) 


Three properties of the Boolean matrix S2 have been proved in 
[9] . They are 


rr(a 2 VV'”~ 1 ) 

/ 2 [i+(m-l-i)l 2 [/+(m-l-i)l 

Tr\ot • ol 


Property 1 

12 is symmetric, that is, pJJ = p y *. 
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if/^m-2 
if / = w - 2 

0, /*m- 1 

1, / = w - 1 

In addition, there are two more properties for the Boolean 
matrix generated by a self-dual normal basis. 

Property 4 


Property 3 
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= 7 >\or • a 2 • a 2 j 
■ Tr(oc 2 ' -a 1 ") » s (0 . 
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= TV\a 2 
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Property 4 implies that the components of the last column and 
the last row of 12 are all zeros except the first component as 
shown in Fig. 1. Property 5 illustrates a triangular symmetric 
structure as shown in Fig.l. This triangular symmetry is 
described as follows. 
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Since £2 is symmetric with respect to the diagonal (Prop- 
erty^), it is sufficient to discuss only the upper-right triangle 
of 12. Ignoring the main diagonal and the last column, the 
upper-right triangular portion of the matrix consists of [mj 3] 
equilateral triangles in the sense that the numbers of elements 
on all of the three sides of each triangle are the same. Here, 
[x] denotes the greatest integer which is smaller than or equal 
to x. Let A j denote the outer-most (largest) triangle, and A ( 
the zth outer-most (ith largest) triangle. The triangular symme- 
tric structure is such that the sequences of the vectors count- 
ing clockwise on three sides of the triangle A i are identical. 
Define this identical sequence by v v As shown in Fig. 1, 
= ( a v . . .) where a ( , b i? c i , . . . GGF( 2). The dimen- 

sion of is (m-3i). As the structure merges toward the 
inner-most (smallest) triangle, one of the following three 
possible patterns will happen. 


IV. Locating a Self-Dual Normal Basis in 
GF(2 m ) When m Is Odd 

Theorem 26 of Chapter 4 of [1] shows that GF( 2 m ) has a 
self-dual normal basis if m is odd. In this section, a method to 
locate a self-dual normal basis for GF( 2 m ) when m is odd is 
presented. Let {a} = {a, a 2 , a 22 , ..., a 2tn ~ 1 } be an arbitrary 
normal basis and {£} = {j3, 0 2 , 0 22 , . .., 0 2 ™' 1 } be a self-dual 
normal basis in GF(2 m ). Then a can be expressed 


a = b^ + b^+b^ 2 + ...+b m _ 1 (3 2 ' n - 1 (8) 


Due to the fact that p 2m = j3, one can obtain 


(i) If m = 0 mod 3, then 



(ii) If m = 1 mod 3, then 



(iii) If m = 2 mod 3, then 
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a 2 
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a 22 

= B 
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• 
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* 



02 m ~ 1 


where 


where ci u .b u ^ GF ( 2), and u = [mj 3] . 


b 


m - 1 


One advantage of using this particular Boolean matrix is 
that its construction requires fewer trace computations. For 
GF{ 2 m ), the number of trace computations required to con- 
struct this Boolean matrix is 


m - 1 


b t ... b 


m-2 


B = 


b m -2 ^ m - 1 


.. b 


m -3 


(9) 


(9a) 


m 2 - 3m + 2 

6 


if m ^ 0 mod 3; and 


m 2 - 3 m 


if m = 0 mod 3, 


is the transformation matrix from the basis {£} to the basis 
{a}. Clearly, B is invertible. Taking the transpose of (9) results 
in 


which is less than one-third of that required for a Boolean 
matrix corresponding to an arbitrary normal basis as given in 

[9]- 


[a, a 2 , a 2 *,..., a 2 ™ *] = [frP 2 ,? 2 , ...,P 2 "* ‘] B T (10) 
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Multiplying (9) by (10), one has 


a 


a 


2 


a 2 2 


[a a 2 a 2 2 ... a 2 " 1 


a 2 " 1-1 


P 

P 2 


= B 


($2 2 





Carrying out the multiplication of the column and row vec- 
tors, and then taking the trace function Tr on both sides of 
(1 1), it can be shown that 


Fla) 4 [F„] 


to- 1 
i ./=0 


A 



TO- 1 


<,/= 0 


= bb t 


( 12 ) 


since Tr(fi2 l + 2 /) = 


Tt (q! 2 ) = fr? + Z? 2 + bl + . . . + b 1 

v y 0 12 TO — 1 


' 6 0*m-l + + *2*1 + • • ‘ + 


TO -2 


TO —1 

/c=0 


. 6(A + *,» 2 a,!,,.... VA 


(13) 

Since {a} is a normal basis, /’/'(a 2 ) must be 1 . Also, since G 
GF(2), Then the first equation of (13) becomes 


1 = b n + b. + b _ + . . . + b , . 

0 1 2 TO — 1 

This implies that the set of {b b x ,b , . . . 9 b m _ 1 } must have 
an odd number of l’s. 

Applying Lemma 1 1 of [9] , that is, 7>(a 2/+1 ) = Tr(o? m 7+1 ) 
for 1 < / < m/2, it can be seen that, ignoring the first equa- 
tion, the first half of the remaining equations in (13) is identi- 
cal to the second half of the equations in a reverse order. This 
means that (13) has at most (m - l)/2 + 1 = (m + l)/2 linearly 
independent equations which are 


b 0 +b l +b 2 + 


, + b 


w - 


TO —1 


V s b,b—r 

k to -;+/c 

k = 0 


= 


for; = 1,2,3 (m - 1) /2 


(14) 


But, in equation (14), m unknowns {b Q , b x , b 2 , . . . , b m _ x } 
need to be found. Therefore, the solution is not unique. 


Now, an algorithm to find a solution to (14) is demon- 
strated by using a simple example of m = 7. In this case, (14) 
becomes 


To locate the self-dual normal basis {0} from {a}, B of (9a) 
needs to_ be solved from (12). Since F /; .(a) = (a) 

where /-I = (/-l) mod m, in (12), it is sufficient to consider 
only the equality between the first row of F(a) and the first 
row of the product of B B T . Therefore, 


b O + b l +b 2 + *3 + *4 +b S +b 6 = 1 = F 00 

(15a) 

b 0 b l +b t b 2 + b 2 b 3 + b 3 b 4 + b A b 5 + b 5 b 6 + b 6 b 0 = F 01 

(15b) 
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* 0*2 + * 1*3 + b 2 b 4 + * 3*5 + * 4*6 + * 5*0 + b 6 b l ~ F 02 

(15c) 

b O b 3 + * 1*4 + * 2*5 + * 3*6 + * 4*0 + * 5*1 + * 6*2 = *03 

(15d) 

The purpose of the algorithm is to find a possible solution vec- 
tor b= (b Q ,b l ,b 2 ,b 3 ,b il ,b 5 , b ), for a given vector! = (F 00 , 
F 01 , F 02 , F 03 ) under the condition that F 00 = 1. Notice that 
the left hand sides of equations (15b), (15c) and (15d) are the 
sums of all possible products (i = 0, 1, 2, . . . , 6) for 

k- 1,2, and 3 respectively. Let « 0 , ,« 2 ’ an( * w 3 t ^ ie nurn ’ 

bers of l’s to be added in (15a) (15b), (15c), and ( 1 5 d) , 
respectively. That is, n 0 is the number of l’s in b, and n k 
(k = 1, 2, 3) is the number of fs such that bfip = 1 where 
i = 0, 1, 2, 3, 4, 5, 6. Note that n 0 must be odd. Since bfip 
G GF(2), it is clear that, when F ok = 0 ,k = 1 , 2, 3, n k must be 
even (considering 0 is even too). On the other 
hand, when F Qk = 1 , n k must be odd. 

In this algorithm, b Q is assumed to be always 1. Since the 
first element F 00 of £ must be 1, eight possible patterns of 
vector £ need to be considered. 

Case (i): £ = (1,0,0, 0) 

As F 01 = F 02 = F 03 = 0 ,n l3 n 2 and n 3 must be even. Recog- 
nize that the condition that bj = 0 for all / =£ 0 can result in 
n \ = w 2 = «3 = 0, and, consequently, satisfy the equalities of 
(15b), (15c) and (15d). Hence, a possible solution 2? is (1, 0, 
0,0, 0,0,0). 

Case (ii): £ = (1, 0, 0, 1) 

As F 03 = 1 ,« 3 must be odd. Let n 3 = 1 . From (15d), b 3 = 1 
can at least satisfy the condition of n 3 - 1 (since b 0 = 1). 
Then, a pattern of b = ( 1, X, X, 1 , X, X, X), where “X” indi- 
cates an undecided value, can be temporarily set up. Since n 0 
must be odd, there must be at least one, but not an even num- 
ber of,/’s for / # 0 or 3 such that bj = 1 . Let n Q be the mini- 
mum, that is, let there be only one /(/ 0 or 3) such that bj 

= 1 . Since F 01 = F 02 = 0, this j must be chosen so that n x and 
n 2 are both even and n 3 = 1. In order to satisfy this condition, 
this particular / must satisfy the condition that bp; b- = bjb-p. 
for all k. The only solution for this is that this / is located at 
the center of a segment which is composed of odd consecutive 
X’s. Hence, b s = 1 , that is, b = (1 , X, X, 1 , X, J_, X). Now, 
letting X = 0 satisfies the condition that ^01 ^02 0 and 

F Q3 = 1 . Therefore, a solution to (15) isb = (1 , 0, 0, 1 , 0, 1 , 0). 

Case (iii): £ = (1,0, 1,0) 

Following the same rules discussed in Case (ii), a solution 6 
to (15) can be sequentially decided as 


(1) £=( 1,X,1 ,X,X,X,X) because F Q2 - 1 ; 

(2) b - (1 , £, 1 , X, X, X, X) because, as stated in Case (ii), 
b requires an additional “1” to satisfy the condition of 
n 0 being odd, and, this additional “1” must be located 
at the center of a segment of odd consecutive X’s; 

(3) Letting X = Q,b = (1 , 1 , 1 , 0, 0, 0, 0). 

Case (iv): £ = (1, 1,0,0) 

Again, a solution Z> can be sequentially decided as 

(1) b = (M,X,X,X,X,X) because F 01 = 1; 

(2) b = (1 , 1 , X, X, J_, X, X) because of the same reasons 
stated in step (2) of Case (iii); 

(3) Letting X = 0,b = (1 , 1 , 0, 0, 1 , 0, 0). 

Case (v): t = (1,0, 1,1) 

As in Case (ii), the first step is to recognize that ^03 * • 

This gives a pattern of b = ( 1 , X, X, I , X, X, X). Since the 
number of elements in b is odd, the locations of l’s must 
divide the present b pattern into two segments of consecutive 
X’s. One segment has an even number of X’s, while the other 
has an odd number of X’s. The second step is to recognize that 
F 02 = 1 . As in Case (iii), a pattern of 1 , X, 1 should exist in F 
Notice that pattern 1 , X, 1 has an odd number of bits. In order 
not to affect the equalities given in (15b), (15c) and ( 1 5 d) , 
this pattern 1, X, 1 must be placed at the center of a segment 
in b which has an odd number of consecutive X’s. Therefore 
b = (1, X, X, 1, 1, X, 1 ). Since n 0 must be odd, letting n Q be 
the minimum, the third step is to add an additional “1” inF 
Again, following the same argument described in Case (ii), this 
additional “1” must be placed at the center of a segment with 
odd consecutive X’s, resulting in = (1, X, X, 1,1,1^, 1). 
Finally, letting X = 0, a solution b = (1 , 0, 0, 1 , 1 , 1 , 1) to (15) 
can be obtained. 

Case (vi): £ = (1, 1,0, 1) 

First, since F 03 = 1 , b = ( 1 , X, X, 1 , X, X, X). Next, since 
F 01 = 1, a pattern of 1~ 1 should exist in F Similar to what 
was described in Case (vjh since there are an even number of 
bits in pattern 1,1, this pattern should be placed at the center 
of a segment of even consecutive X’s in F Therefore, b be- 
comes (1, LJ., 1, X, X, X). Finally , since n Q is odd, letting n 0 
be the minimum results in ^ = (1 , 1 , 1 , 1 , 0, J_, 0). 

Case (vii): t_ = (1, 1, 1,0) 

Using the arguments given in Case (v) and Case (vi),£ can 
be sequentially decided as 

(1) b - ( 1 , X, 1 , X, X, X, X) because F 02 = 1 ; 

(2) b = (1 , X, 1 , X, 1, 1, X) because F 01 = 1 ; 
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(3) b = (1 , J_, 1 , X, 1 , 1 , X) because n 0 is odd; 

(4) Letting X = 0, b = (1 , 1 , 1 , 0, 1 , 1 , 0), finally. 

Case (viii): _/ = (1 , 1 , 1 , 1) 

Again , b can be sequentially decided as 

(1) b = ( 1,X,X, 1 , X, X, X) because F 03 = 1 ; 

(2) & = (1 , X. X, 1, 1, X, 1 ) because F 02 = 1; 

(3) b = (1 , 1, 1, 1, 1, X, 1) because F 0l = 1; 

(4) b = (1, 1, 1, 1, 1, 1_, 1), because n 0 is odd. 

^For an arbitrary odd number m, the algorithm of solving 
b = (b 0 , by , b 2 , • • • ,b m _ j) to equation (14) for a given t_ - 
(^oo ,F 01 , • ■ • ,^ 0 (m-i)/ 2 ) can described as follows 

(i) Set iy = 0 for j = 0, 1 , • • • , m - 1 . 

Set k = (m - l)/2. 

Set ISTART = 0. 


(iii) Set k = k - 1 

(iv) If k =£ 0, go to (ii). 

(v) If ISTART = 0,£ o = 1. 

Else, (A) if ISTART = even ^(isTART+i )/2 = 

(B) if ISTART = °dd,^ m+ISTART ^ 2 = 1. 

(vi) End. 

Figure 2 illustrates a flow chart of this algorithm to solve equa- 
tion (14) when m is odd. It should be pointed out that this 
algorithm is not the only algorithm for solving b. However, 
this algorithm is the optimum in the sense that the number of 
l’s in b is minimum. 

Since the matrix B in (9) is formed by b which depends on 
only a according to the algorithm described, a self-dual normal 
basis (M 2 ,0 2 V--,0 2m ' 1 ) can be constructed from another 
normal basis (a, a 2 , a } 2 , ■ ■ • , a 2m ~ l ) in such a way that 


00 lfF ok = 0, go to (iii). 

Else, 

(A) if b Q =.0,setZ? o = 1 ,b k = 1 and ISTART = k\ 

(B) if b 0 = 1, 

(a) if ISTART = odd, 

(1) if k = odd, 

^(ISTART-*)/2 “ * anC * 

^(ISTART+/c)/2 ” 

(2) if k = even, 

^ISTART+(m— ISTART— A:)/2 ” 1 and 
(m— ISTART— /e)/2 ” * 5 

(b) if ISTART = even, 


(1) if k = odd, 

^ISTART+(m— ISTART— fc)/2 
ISTART— fc)/2 ~~ 1 ’ 

(2) if k = even, 

^(ISTART— fc)/2 “ 1 anCl 
^(ISTART+fc)/2 “ ** 


0 


a 

0 2 


a 2 

0 22 



• 

= B - 1 


0 2 m-l 


a 2 " 1 - 1 


where B~ l is the inverse of B 


(16) 


V. Construction of a Boolean Matrix from a 
Self-Dual Normal Basis When m is Odd 

For an arbitrary element 9 in GF( 2 m ) such that Tr{9) = 1. 
F 0/ . = 7>(0 2/+1 ) for / = 1, 2, . . . , m - 1, can be calculated. 
Following the algorithm described in the last section, a solu- 
tion b=(b 0 ,b l ,b 2 ,‘ • ■ , b m ) to the equation ( 1 4) can be ob- 
tained. Then, a matrix B can be constructed in the form of 
(9a). 

Theorem 1 

If B is invertible, {9, 0 2 , 0 22 , • • • , 9 2m ~ 1 } is a normal basis. 
Proof: 

Since B is invertible, B~ l exists. It can be easily shown 
that B~ x must be of form that the row vectors in B~ l are the 
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cyclically shifted versions of one another which is the form of 
B. Then,# -1 can be expressed as 



b' 

b[ 

b’ • • 

• b* , 


0 

i 

2 

m -1 


b ' t 

b' 

K “ • 

* b' „ 

II 

m -1 

0 

m -2 

b' , 

F , 

b' • • 

• b' , 


m -2 

m - 1 

0 

m -3 


• 

• 

• 

• 


• 

• 

• 

• 


• 

• 

• 

• 



K 

• • 

• 


m -1 

= £ b : e2 ‘ 


i = 0 


and 




Then 


f = 5” 1 0 r (17) 

where 

0 = [M 2 , 0 22 ,6> 23 ,.--,0 2m ~ 1 ]- 

Let us first prove that {0, 0 2 , 0 22 , • • • , 0 2 '"* 1 } is a normal 
basis. A contradiction proof is used here. 

Suppose that {0, 0 2 , 0 22 • • ■ , 0 2m_1 } are linearly dependent, 
there must exist a non-zero vector C = [C 0 , C 1 , C 2 , • ■ • , C m 
such that 


Cf = 0 

From (17), 

CB~ l l T = 0 

Since 0 is a normal basis, vector C# -1 must be an all-zero vec- 
tor. This implies that \F Q ,b[,F 2 , ■ . • } are linearly 

dependent where is the A: th row vector of B~ l . It con- 
tradicts the fact that is invertible. Therefore, {0, 0 2 , 
0 22 , • • • > 0 2 '”~ 1 } is a normal basis. Since _0 r = B p T and 


B is invertible, it is clear that {0,0 2 ,0 22 , . . . is a nor- 

mal basis. 

Theorem 2 

If B is invertible, (0, 0 2 , 0 22 , • • • , 0 2m “ 1 } which is con- 
structed by (17) is a self-dual normal basis. 

Proof: 

From Theorem 1, (0 , 0 2 , 0 22 , • • - , 0 2 " 1-1 } and {0,0 2 ,0 22 , 
■ • , 0 2m ~ 1 } are both normal bases. Following the same proce- 
dure of (9)(10) and (1 1) by replacing a by 0 arrives to 

F(6) = BF{$)W 

where F(x) is an m X m matrix with entry F^(x) = Tr( jc 2l+2/ ), 
ij = 0, 1,. . . ,m - 1 . Then, 


B’ x F(S)(B' l ) T = F(0) 

Since b is a solution of F(d) = B # T , # -1 F(0) (B~ l ) T = I. 
Therefore, F(0) = I, that is {0, 0 2 , 0 22 , • • • , 0 2 ™ -1 } is a self- 
dual normal basis. 

Now, an algorithm of constructing a Boolean matrix for 
a self-dual normal basis for GF( 2 m ) when m is odd can be 
described as follows. 

Starting with an arbitrary element 0 in GF( 2 m ), one first 

computes {F oo (0), ^,(0), F 02 ( e )< • • ’ > F o,(m-i)/ 2 ( 0 )}- Goin 8 
through the procedure described in the last section, one can 
obtain a solution b - (b 0 , b x , b 2 , • • • i b m _ x ) to equation (14). 
After forming a matrix B as shown in (9a), one checks whether 
B is invertible. If it is, (0, 0 2 , 0 22 , • • • , 0 2 ™** 1 ) [$ a normal 
basis. If it is not, try another 0 until the corresponding matrix 
B is invertible. From the normal basis (0, 0 2 , 0 22 , • • * , 0 2m_1 ), 
a self-dual normal basis (0, 0 2 , 0 22 , • • ■ ,0 2 '”~ 1 ) can be formed 
by (17). Finally applying Property 1, 2, 4 and 5 in section 3, 
one can compute p* = Tr(p l • 02' • 02 m_1 ) for / = 0, 1 , ■ 
[m/3] - 1 and / = 2/ + 1, 2/ + 2, * • • , m - 3 - /, and then set 
up the Boolean matrix £1 = [p,* ] ™ 7 ^ of structure given in 
Fig. 1. ' J ~ 

Figure 3 illustrates a flow chart of setting up the Boolean 
matrix. Our initial goal is to determine whether (0, 0 2 , 0 22 , 

• • • , 0 2m ~ 1 ) is a normal basis. Theorems 7 and 8 of [9] show 
two quick check rules to do this before solving the b . Notice 
that Theorem 9 of [9] is not applicable here because m is 
odd. Figures 4(a), (b) and (c) illustrate the Boolean matrices 
obtained by using this algorithm for m = 9, 17 and 31 , respec- 
tively. [7] also presents the Boolean matrix form = 127. Fig- 
ure 5 shows the CPU time required on VAX-11/750 to con- 
struct the Boolean matrix based on a self-dual normal basis 
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of GF{ 2 m ). Compared to Fig. 5 of [9] , it can be seen that, 
for large m, the computation time required for a self-dual nor- 
mal basis is reduced to about 1/3 of that for a regular normal 
basis. For example, for m = 127, it takes only 16 minutes to 
construct a. Boolean matrix versus 40 minutes indicated in 
Fig. 5 of [9] . This is due to the fact that the number of 
trace computations required in this algorithm is less than 1/3 
of that required in the algorithm stated in [9] . When m is 
small, the pre-matrix computation which includes the program 
initial setup and locating the normal basis dominates the com- 
puter time. Therefore, Fig. 5 doesn’t show significant reduc- 
tion on computer time when m is small. 

In [5] , it has been shown that the complexity of the VLSI 
design of Massey-Omura multipliers depends on the numbers 
of l’s in Boolean matrix £2. A matrix with fewer l’s is more 


desirable. Comparing our computer results in this article with 
those in [9], it is observed that the number of l’s in the 
Boolean matrix generated by a self-dual normal basis is less 
than that generated by an arbitrary normal basis. 


VI. Conclusion 

In this article, it has been shown that the Boolean matrix 
obtained by a self-dual normal basis maintains a special sym- 
metric structure so that the time required to construct it can 
be reduced to 1/3 that required for an arbitrary normal basis. 
To locate a self-dual normal basis in the field GF(2 m ) has been 
a challenging problem. This article has presented an algorithm 
to locate a self-dual normal basis and then to construct a 
Boolean matrix when m is odd. 
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a jf bj.cj € GF (2) 

Fig. 1. Structure of a Boolean matrix corresponding to a self-dual 
normal basis 




Fig. 2. Flow chart of computing the vector b 
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(a) 

:012345678 


0:0 0 0 0 1 1 1 01 
1:0 010 1 0 0 0 0 
2:010101100 
3:00101 1010 
4:110 1 0 0 0 1 0 
5:1 0110 0 010 
6 : 101000000 
7:0 0 01 1 10 1 0 
8 : 100000000 
NUMBER OF Vs IN BOOLEAN MATRIX = 29 



Fig. 3. Algorithm of constructing the Boolean 
matrix for a seif-dual normal basis 
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NUMBER OF 1's IN BOOLEAN MATRIX = 117 
(c) 

: 00000000001 1 1 1 1 1 1 1 1 122222222223 

; 012345678901 2345678901 234567890 


0:011010111111110 
1:101001110101101 
2:110001101011000 
3:0000001 10001 1 10 

4: 100001 100000101 

5:011010001 101 101 
6:111110011111110 
7: 110100101 101 100 

8:101001110110110 
9:110001111001100 
10 101000101000101 
11:111101110100000 
12 : 1 1 0 1 1 1 1 1 1 1 1 0 0 0 1 
13: 100100101000000 
14:01001 1000010100 

15:0011 100000111 10 

16:0100001 1 1000000 
17:011010001011101 
18:000101 1 10101001 
19:0101 10100001001 
20:011000001000010 
21:110110011001110 
22 : 1 1 0 1 10001010010 
23:111111100101100 
24:001101101000100 
25:110000010110101 
26:001100011101001 
27:001101011000101 
28:100111010110101 
29 : 1 1 0 1 0 1 1 1 1 1 1 1 1 0 0 
30: 100000000000000 
NUMBER OF 1's IN BOOLEAN MATRIX = 453 


00000011101001 11 
0110111110100010 
1010010011011000 
1001101111011110 
1010101 1 10000100 
000100001 1001 1 10 
0101 10001 1000010 
0101001000111110 
0110011101011010 
00010000101 101 10 
10100001001001 10 
1011101010010010 
1010001011101110 
100001 1 100000000 
0011100000111100 
001001 1000010100 
0010010010100000 
1101101111111100 
0010111101110100 
001 1010100010100 
1101101100011110 
1011010101001110 
0011111011010010 
0110000101111100 
0011001110011010 
01 1 1000010010000 
1011110111100000 
001001101 1000110 
1011111010001010 
0000011101001110 
0000000000000000 


Fig. 4. Boolean matrix (a) for GF(2 9 ), (b) for GF(2 17 ), and (c)for GF(2 31 ) 
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